mailcow-dockerized/README.md

189 lines
5.5 KiB
Markdown
Raw Normal View History

2016-12-10 03:40:57 +08:00
# mailcow-dockerized
2016-12-10 03:39:02 +08:00
mailcow dockerized comes with 11 containers linked in a mailcow network:
Dovecot, Memcached, Redis, MariaDB, PowerDNS Recursor, PHP-FPM, Postfix, Nginx, Rmilter, Rspamd and SOGo.
2016-12-12 03:09:08 +08:00
All configurations were written with security in mind.
Exposed ports:
| Service | External bindings | Internal bindings |
2016-12-12 03:10:49 +08:00
| ---------------------:|:---------------------------------------------|:-------------------------------|
2016-12-12 03:09:08 +08:00
| Postfix | 25/tcp, 465/tcp, 587/tcp | 588/tcp |
| Dovecot | 110/tcp, 143/tcp, 993/tcp, 995/tcp, 4190/tcp | 24/tcp, 10001/tcp |
| Nginx | 443/tcp | 80/tcp, 8081/tcp |
| PowerDNS Recursor | 53/udp | |
| Rspamd | - | 11333/tcp, 11334/tcp |
| MariaDB | - | 3306/tcp |
| Rmilter | - | 9000/tcp |
| PHP FPM | - | 9000/tcp |
| SOGo | - | 9000/tcp |
| Redis | - | 6379/tcp |
| Memcached | - | 11211/tcp |
All containers share a network "mailcow-network" (name can be changed, but remove all containers and rebuild them after changing).
2016-12-12 03:09:01 +08:00
## Installation
2016-12-10 03:39:02 +08:00
2016-12-12 03:09:01 +08:00
You need Docker. Most systems can install Docker by running the following command:
```
wget -qO- https://get.docker.com/ | sh
```
2016-12-12 03:09:08 +08:00
1. Open mailcow.conf and change stuff, do not use special chars in passwords in this file (will be fixed soon).
2016-12-10 03:39:02 +08:00
2. Run ./build-all.sh
2016-12-10 03:39:02 +08:00
Done.
You can now access https://${MAILCOW_HOSTNAME} with the default credentials `admin` + password `moohoo`.
## Configuration after installation
### Rspamd UI access
If you want to use Rspamds web UI, you need to set a Rspamd controller password:
```
# Generate hash
docker exec -it rspamd-mailcow rspamadm pw
```
Replace given hash in data/conf/rspamd/override.d/worker-controller.inc:
```
enable_password = "myhash";
```
Restart rspamd:
```
docker restart rspamd-mailcow
```
Open https://${MAILCOW_HOSTNAME}/rspamd in a browser.
### SSL (or: How to use Let's Encrypt)
2016-12-12 03:09:08 +08:00
mailcow dockerized comes with a self-signed certificate. Certificates and DH parameters are saved as `data/assets/ssl/{dhparams.pem,mail.{crt,key}}`.
First you should renew the DH parameters.
Soem say you should use 4096, but be prepared for a long waiting period when generating such a file.
2016-12-12 03:09:08 +08:00
Assuming you are in the mailcow root folder:
```
openssl dhparam -out ./data/assets/ssl/dhparams.pem 2048
```
Get the certbot client:
```
2016-12-12 03:09:08 +08:00
wget https://dl.eff.org/certbot-auto -O /usr/local/sbin/certbot && chmod +x /usr/local/sbin/certbot
```
Please disable applications blocking port 80 and run certbot:
```
2016-12-12 03:09:08 +08:00
certbot-auto certonly \
--standalone \
--standalone-supported-challenges http-01 \
-d ${MAILCOW_HOSTNAME} \
--email you@example.org \
--agree-tos
```
2016-12-12 03:09:08 +08:00
Create hard links to the full path of the new certificates. Assuming you are still in the mailcow root folder:
```
mv data/assets/ssl/mail.{crt,crt_old}
mv data/assets/ssl/mail.{key,key_old}
2016-12-12 03:09:08 +08:00
ln $(readlink -f /etc/letsencrypt/live/${MAILCOW_HOSTNAME}/fullchain.pem) data/assets/ssl/mail.crt
ln $(readlink -f /etc/letsencrypt/live/${MAILCOW_HOSTNAME}/privkey.pem) data/assets/ssl/mail.key
```
Restart containers which use the certificate:
```
docker restart postfix-mailcow
docker restart dovecot-mailcow
docker restart nginx-mailcow
```
2016-12-10 03:39:02 +08:00
2016-12-12 03:09:08 +08:00
When renewing certificates, run the last two steps (link + restart) as post-hook in certbot.
## Special usage
2016-12-10 03:39:02 +08:00
### build-*.files
(Re)build a container:
```
./build-$name.sh
```
2016-12-10 03:40:57 +08:00
**:exclamation:** Any previous container with the same name will be stopped and removed.
2016-12-10 03:39:02 +08:00
No persistent data is deleted at any time.
If an image exists, you will be asked wether or not to repull/rebuild it.
### Logs
You can use docker logs $name for almost all containers. Only rmilter does not log to stdout. You can check rspamd logs for rmilter reponses.
When a process dies, the container dies, too. Except for Postfix' container.
2016-12-11 21:13:17 +08:00
### MariaDB
2016-12-10 03:39:02 +08:00
2016-12-11 21:13:17 +08:00
Connect to MariaDB database:
2016-12-10 03:39:02 +08:00
```
2016-12-11 21:13:17 +08:00
./build-sql.sh --client
2016-12-10 03:39:02 +08:00
```
2016-12-11 21:13:17 +08:00
Init schema (will also be installed when running `./build-sql.sh` without parameters):
2016-12-10 03:39:02 +08:00
```
2016-12-11 21:13:17 +08:00
./build-sql.sh --init-schema
2016-12-10 03:39:02 +08:00
```
Reset mailcow admin to `admin:moohoo`:
```
2016-12-11 21:13:17 +08:00
./build-sql.sh --reset-admin
```
Dump database to file backup_${DBNAME}_${DATE}.sql:
```
./build-sql.sh --dump
2016-12-10 03:39:02 +08:00
```
Restore database from a file:
```
./build-sql.sh --restore filename
2016-12-10 03:39:02 +08:00
### Redis
Connect to redis database:
```
2016-12-11 21:13:17 +08:00
./build-sql.sh --client
2016-12-10 03:39:02 +08:00
```
### Rspamd examples
2016-12-10 03:39:02 +08:00
Use rspamadm:
```
docker exec -it rspamd-mailcow rspamadm --help
2016-12-10 03:39:02 +08:00
```
Use rspamc:
```
docker exec -it rspamd-mailcow rspamc --help
2016-12-10 03:39:02 +08:00
```
### Remove persistent data
2016-12-11 21:13:17 +08:00
MariaDB:
2016-12-10 03:39:02 +08:00
```
2016-12-11 21:13:17 +08:00
docker stop mariadb-mailcow
docker rm mariadb-mailcow
2016-12-10 03:39:02 +08:00
rm -rf data/db/mysql/*
2016-12-11 21:13:17 +08:00
./build-sql.sh
2016-12-10 03:39:02 +08:00
```
Redis:
```
# If you feel hardcore:
docker stop redis-mailcow
docker rm redus-mailcow
rm -rf data/db/redis/*
./build-redis.sh
## It is almost always enough to just flush all keys:
./build-redis client
# FLUSHALL [ENTER]
```